SilverLining IL

The podcast for Security Architecture. Hosted by Moshe Ferber and Ariel Munafo. The world of sof ...

Latest Episodes

14

January 14, 2020 00:30:45
Episode 14: DevOps Secret Management

Attendees
Guest: Oded Hareven
Guest title: Founder & CEO
Company: A-Key-Less

Abstract
Application secret management is becoming one of the biggest challenges for application security. With cloud, CI/CD and microservices architecture, we discover that we are using a growing number of encryption keys, API keys, SSH keys, tokens and connection strings. In this episode we talk with Oded HarEven, Founder at A-Key-Less, about the challenges of secret management and the way to build a secure secret management solution.

Timing
0:00 Intro and introducing our guest
1:40 Application secret management - defining what a secret is, and what secret management is
6:00 Challenges with encryption keys
9:47 How to handle application secret management and encryption keys - requirements and best practices
12:25 Zero trust in key management - what does it mean and how to implement it
20:10 The process of integrating keys with cloud platforms
25:35 A-Key-Less state of the market approach
27:35 Summary and conclusions ...

13

December 31, 2019 00:31:56
Episode 13: Creating Trust & Awareness

Attendees
Guest: Vladi Sandler
Guest title: Cloud Security team leader
Company: cymotive.com

Abstract
Gaining trust and developing awareness with customers is one of the hardest challenges for providers. It is almost an art. In this episode we talk with Vladi Sandler from Cymotive about creating healthy relationships with customers and how a mixture of personal awareness and technical proficiency is crucial in the customer-provider relationship.

Timing
0:25 Introducing our guest
03:30 Introducing Cymotive
5:55 Cymotive challenges with their market targets
10:10 Relevant security teams for protecting automotive
11:50 The concepts of car security
13:55 Challenges when creating trust - the people angle
17:48 Challenges when creating trust - the process angle
22:00 Challenges when creating trust - the technology angle
27:50 Summary and final words ...

12

December 10, 2019 00:35:29
Episode 12: Diving Into Authorization And Policy Based Access Controls

Attendees
Guest: Tsachi Lutaty
Guest title: R&D manager
Company: PlainID

Abstract
In recent years we have made important progress in authentication. Multi-factor authentication and identity federation solved many of the identity authentication challenges. So it is now time to focus on the second aspect of Identity & Access Management: identity authorization. In this podcast we talk with Tsachi Lutaty, R&D manager for PlainID, about the move from role-based access controls to policy-based access controls and how organizations can better engineer their authorization scheme and policies.

Timing
0:41 Introducing our guest
1:25 Introducing PlainID
2:45 Authorization challenges - what are modern authorization challenges
8:00 Role-based access control vs. attribute / policy-based access control
15:30 Existing authorization standards
18:58 How can we better engineer authorization systems - the technology angle
26:15 How can we better engineer authorization systems - the process angle
29:30 How can we better engineer authorization systems - the people angle
32:50 Summary and final words ...

11

November 26, 2019 00:43:25
Episode 11: IoT Security Basics

Attendees
Guest: Eliav Gnessin
Guest title: CTO
Company: DeviceTone

Abstract
IoT is one of the hottest topics in the industry today. In this episode we talk with Eliav Gnessin, CTO for DeviceTone, about securely engineering an IoT solution end to end. During the episode Eliav guides us through the IoT journey, starting from the chipset of the device itself and going all the way up to the cloud-based IoT management. Eliav explains different implementation considerations, the latest developments in the market, and the efforts made by chipmakers and cloud providers to create more secure IoT.

Timing
0:00 Intro and introducing Eliav and DeviceTone
2:05 Why is it so hard to build secure IoT solutions?
9:00 How to properly build IoT solutions: the technology angle
18:50 How to properly build IoT solutions: the people angle
22:40 How to properly build IoT solutions: the process angle
28:10 Doing over-the-air updates
31:40 The different approaches to IoT coming from the cloud providers
38:20 Tips for IoT developers ...

10

November 24, 2019 00:30:24
Episode 10: Securing The New Fintech Economy

Attendees
Guest: Nir Valtman
Guest title: Product security lead
Company: Finastra

Abstract
Fintech companies drive cloud security forward by setting the highest bar of requirements on cloud providers. In this episode we talk with Nir Valtman, Product security leader at Finastra, about the challenges of fintech companies, and dive into API authentication and authorization best practices and building an ecosystem that can support trust between banks and young fintech companies.

Timing
0:00 Intro and introducing our guest
2:40 Introducing Finastra and the challenges of traditional banks with modern fintech
4:50 Building API platforms for banks: challenges, security considerations and solutions
8:45 Creating trust between banks and fintech companies - validating applications' end-to-end security from the fintech to the banks
12:30 Authenticating & authorizing API requests on banking platforms: methods, challenges and common use cases
19:30 Detecting anomalies and analyzing APIs on top of cloud platforms
25:35 The challenges of application secret management with partners
28:25 Tips for fintech companies ...

9

October 29, 2019 00:35:01
Episode 9: Challenges With Cloud Management Logs

Attendees
Guest: Shira Shamban
Guest title: Cloud Security
Company: Check Point (Dome9)

Abstract
Cloud providers have invested heavily in adding visibility, monitoring and logging capabilities for networking and administrative activities. In this session we talk with Shira Shamban, a cloud security expert from Check Point, about the challenges of collecting the different logs that exist in cloud platforms and the challenges of gaining insights from them.

Timing
0:00 Introducing Shira and her activities at Check Point and in the community (Security-Diva, CSA Top Threat working group, OWASP-IL)
11:55 Introducing the challenges of cloud log management: enabling correctly, long-term storage, analysis challenges, lack of info
19:45 The challenges of monitoring cloud assets using IP addresses
21:25 How to properly do cloud-based log collection: enrichment, external threat service
24:20 Values of log visualization
28:05 Log storage management
31:21 Summary and last words ...
